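<?php
session_start();
// Access control and query-string validation run before any markup is sent.
// header() redirects only work while nothing has been output yet; in the
// original layout the DOCTYPE/<html>/<head> lines (and a UTF-8 byte-order
// mark in front of the opening tag) were emitted first, so both the session
// start and the redirects failed with "headers already sent" unless output
// buffering happened to be enabled.
//
// Loose comparison is kept on purpose: the type of the value index.php stores
// in $_SESSION["admin"] is not visible here — confirm before tightening to !==.
if (!isset($_SESSION["admin"]) || $_SESSION["admin"] != "true") {
    header("Location: index.php");
    exit();
}
// Both identifiers are mandatory; the page has nothing to show without them.
if (!isset($_GET["id"]) || !isset($_GET["catid"])) {
    header("Location: index.php");
    exit();
}//end of checking for id's in querystring
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>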
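<?php
require("dbInc.php");
$mysqliObj = new mysqli($dbHost, $dbUser, $dbPass, $dbDB);
// Both identifiers are compared unquoted in SQL, so mysqli_real_escape_string()
// alone did not protect them (a value such as "1 or 1=1" survives escaping
// unchanged). An int is the only value they can legitimately hold.
$catID = (int) $_GET["catid"];
$productID = (int) $_GET["id"];
$productName = "";
$productDescription = "";
$productPrice = "0.00";
$imagesArray = array();
$vURLs = "";
// checkMsg() in the page's JavaScript reads $msg on every request, not only
// after a save, so it must always be defined.
$msg = "";
if (isset($_POST["btnSave"])) {
    // Values are bound as statement parameters below, so they are kept as
    // plain strings instead of being pre-escaped and pre-quoted.
    $productName = isset($_POST["txtName"]) ? $_POST["txtName"] : "";
    $productDescription = isset($_POST["txtDescription"]) ? $_POST["txtDescription"] : "";
    $productPrice = isset($_POST["txtPrice"]) ? floatval($_POST["txtPrice"]) : 0.0;
    $vURLs = isset($_POST["txtURLs"]) ? $_POST["txtURLs"] : "";
    if ($productID > 0) {
        // Table names come from dbInc.php, not from the request, so sprintf()
        // is used only for them; every request-derived value is a bound parameter.
        $stmt = $mysqliObj->prepare(sprintf("update %s set vName = ?, vDescription = ?, fPrice = ?, vURLs = ? where id = ?", $tableProducts));
        $stmt->bind_param("ssdsi", $productName, $productDescription, $productPrice, $vURLs, $productID);
        $stmt->execute();
        $stmt->close();
        $msg = "Product updated";
    } else {
        $stmt = $mysqliObj->prepare(sprintf("insert into %s (iCatID, vName, vDescription, fPrice, vURLs) values (?, ?, ?, ?, ?)", $tableProducts));
        $stmt->bind_param("issds", $catID, $productName, $productDescription, $productPrice, $vURLs);
        $stmt->execute();
        $stmt->close();
        $productID = $mysqliObj->insert_id;
        $msg = "Product added";
    }//end of checking if existing or new product
}//end of checking if form submitted
if ($productID > 0) {
    // vURLs was missing from this select, so $row["vURLs"] below was always an
    // undefined index and the "Reference web addresses" field rendered empty.
    $stmt = $mysqliObj->prepare(sprintf("select vName, vDescription, fPrice, vURLs from %s where id = ?", $tableProducts));
    $stmt->bind_param("i", $productID);
    $stmt->execute();
    $stmt->bind_result($rowName, $rowDescription, $rowPrice, $rowURLs);
    if ($stmt->fetch()) {
        $productName = $rowName;
        // NOTE(review): un-escaping of \' is kept for rows written by the earlier
        // interpolation-based code; confirm against existing data before removing.
        $productDescription = str_replace("\'", "'", $rowDescription);
        $productPrice = sprintf("%1\$.2f", floatval($rowPrice));
        $vURLs = $rowURLs;
    }//end of checking of data row returned
    $stmt->close();
    $stmt = $mysqliObj->prepare(sprintf("select id, vPath, vDescription from %s where iProductID = ?", $tableImages));
    $stmt->bind_param("i", $productID);
    $stmt->execute();
    $stmt->bind_result($imgID, $imgPath, $imgDescription);
    while ($stmt->fetch()) {
        //id, vPath, vDescription
        $imagesArray[] = array($imgID, $imgPath, str_replace("\'", "'", $imgDescription));
    }//end of looping through image data rows
    $stmt->close();
}//end of checking if existing product
$mysqliObj->close();
?>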
<title>Product details</title>
<link type="text/css" rel="stylesheet" href="../styles.css" />
<?php
// Shared page helpers; presumably where validate_required(), called by the
// form validation script below, comes from — confirm in the include itself.
include "../includefunctions.inc";
?>
<script type="text/javascript" language="javascript">
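// Validates the product form before submission.
// Returns false (and focuses the offending field) when a required field is
// empty, true otherwise. The with() block of the original is replaced by
// explicit field access: with() is rejected in strict mode and hides which
// object a bare name resolves against.
function validateForm(theForm) {
    var checks = [
        [theForm.txtName, "You must enter a value for the product name"],
        [theForm.txtDescription, "You must enter a value for the product description"],
        [theForm.txtPrice, "You must enter a value for the product price"]
    ];
    for (var i = 0; i < checks.length; i++) {
        if (validate_required(checks[i][0], checks[i][1]) == false) {
            checks[i][0].focus();
            return false;
        }
    }
    // Returned explicitly so that onsubmit="return validateForm(this)" yields
    // a boolean instead of undefined.
    return true;
}//end of validateForm function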

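// Shows the save status (if any) as an alert once the page has loaded.
// json_encode() emits a valid JavaScript string literal (quotes, newlines,
// "/" and the HEX_* characters are escaped), so the text can never terminate
// the literal or the enclosing <script>; the isset() guard keeps the script
// parseable on a plain GET, where no save has produced $msg.
function checkMsg() {
    var msg = <?php echo json_encode(isset($msg) ? $msg : "", JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT); ?>;
    if (msg.length > 0) {
        alert(msg);
    }
}//end of checkMsg function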
</script>
</head>
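<body onload="checkMsg();">
<iframe name="logoFrame" id="logoFrame" src="../logo.htm" border="0" height="120" align="top" frameborder="0" marginheight="0" width="100%" scrolling="no">
<a href="http://www.blindza.co.za/" target="_blank">
<img src="../logo/blindza_logo_smaller46.jpg" alt="blindZA.co.za logo - white text on black background, with white border - and red braille version hovering in front of normal text" width="317" height="103" border="0" />
</a>
</iframe>
<?php
// Every value echoed into the markup below is HTML-escaped: the ids come from
// the query string and the product fields from the database (where the admin
// typed them), so none of them may be emitted raw into attributes or text.
?>
<a href="category.php?id=<?php echo htmlspecialchars((string) $catID, ENT_QUOTES, "UTF-8"); ?>">Back to category</a>
<h2>Product details</h2>
<form action="product.php?catid=<?php echo htmlspecialchars((string) $catID, ENT_QUOTES, "UTF-8"); ?>&amp;id=<?php echo htmlspecialchars((string) $productID, ENT_QUOTES, "UTF-8"); ?>" method="post" enctype="multipart/form-data" onsubmit="return validateForm(this);">
<table align="center" border="0">
<tr>
<th align="right">Product name (required):</th>
<td>
<input type="text" name="txtName" value="<?php echo htmlspecialchars((string) $productName, ENT_QUOTES, "UTF-8"); ?>" />
</td>
</tr>
<tr>
<th align="right" valign="top">Product description(required):</th>
<td>
<textarea name="txtDescription" multiline="true" rows="5" cols="100"><?php echo htmlspecialchars((string) $productDescription, ENT_QUOTES, "UTF-8"); ?></textarea>
</td>
</tr>
<tr>
<th align="right">Price (0.00 format):</th>
<td>
<input type="text" name="txtPrice" value="<?php echo htmlspecialchars((string) $productPrice, ENT_QUOTES, "UTF-8"); ?>" />
</td>
</tr>
<tr>
<th align="right" valign="top">Reference web addresses:</th>
<td>
<?php // The original echoed $vURLs twice here, doubling the stored text on every edit. ?>
<textarea name="txtURLs" multiline="true" rows="2" cols="50"><?php echo htmlspecialchars((string) $vURLs, ENT_QUOTES, "UTF-8"); ?></textarea>
</td>
</tr>
<tr>
<th align="center" colspan="2">
<input type="submit" name="btnSave" value="Save product" />
</th>
</tr>
</table>
</form>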
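<?php
// Only a persisted product (positive id) has an image list; the cast keeps a
// non-numeric id from passing the check the way strval($productID) != "0" did.
if ((int) $productID > 0) {
?>
<h3>Product images<?php echo " (" . count($imagesArray) . ")"; ?></h3>
<a href="productImage.php?catid=<?php echo htmlspecialchars((string) $catID, ENT_QUOTES, "UTF-8"); ?>&amp;productID=<?php echo htmlspecialchars((string) $productID, ENT_QUOTES, "UTF-8"); ?>&amp;id=0">Upload image</a>
<?php
if (count($imagesArray) > 0) {
?>
<table align="center">
<?php
foreach ($imagesArray as $img) {
    // Stored file: ../images/{image id}{extension of the uploaded path}.
    // When the path has no ".", the original passed false to substr(), which
    // acts as offset 0 and appended the whole path; now no extension is appended.
    $extPos = strrpos($img[1], ".");
    $imgFile = "../images/" . $img[0] . ($extPos === false ? "" : substr($img[1], $extPos));
?>
<tr>
<td>
<a href="productImage.php?catid=<?php echo htmlspecialchars((string) $catID, ENT_QUOTES, "UTF-8"); ?>&amp;productID=<?php echo htmlspecialchars((string) $productID, ENT_QUOTES, "UTF-8"); ?>&amp;id=<?php echo htmlspecialchars((string) $img[0], ENT_QUOTES, "UTF-8"); ?>"><img src="<?php echo htmlspecialchars($imgFile, ENT_QUOTES, "UTF-8"); ?>" alt="<?php echo htmlspecialchars((string) $img[2], ENT_QUOTES, "UTF-8"); ?>" width="50" /></a>
</td>
</tr>
<?php
}//end of looping through images
?>
</table>
<?php
}//end of checking images count
}//end of checking if new product
?>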

</body>
</html>
